[Snort-users] -l parameter

Ed Callahan snort at ...10352...
Tue Dec 9 09:55:05 EST 2003


Adam -

On my win32 installation this is what worked to avoid any logging files at
all: In my snort.conf these two output commands:

output database: alert, mssql, dbname=snort user=*** password=*** host=***
output log_null

and command line

snort -c c:\snort\etc\snort.conf -l c:\snort\log

The -l is required and the c:\snort\log directory must exist, but it is
empty.

The output log_null is the non-obvious part (to me at least).

Ed Callahan
snort at ...10352...


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
adam_peterson at ...10608...
Sent: Monday, December 08, 2003 1:23 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] -l parameter

Is the -l (that's an L) parameter required?  I log to a db so I don't want
to log to disk but for some reason, whether I use the -l parameter or not,
Snort is "detecting" my previously specified log directory and writing to
disk.  My disk isn't very big so I can't afford to log to disk.  I have no
output options logging locally.  Just 1 line in snort.conf for output:

output database: alert, mysql, user=zzz password=zzz dbname=zzz host=zzz
sensor_name=zzz

Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
adam_peterson at ...10608... | +1.415.357.4787





More information about the Snort-users mailing list